S1037Windows

S1037STARWHALE

Platforms
1
ATT&CK
14.1
References
3

Description

[STARWHALE](https://attack.mitre.org/software/S1037) is Windows Script File (WSF) backdoor that has been used by [MuddyWater](https://attack.mitre.org/groups/G0069), possibly since at least November 2021; there is also a [STARWHALE](https://attack.mitre.org/software/S1037) variant written in Golang with similar capabilities. Security researchers have also noted the use of [STARWHALE](https://attack.mitre.org/software/S1037) by UNC3313, which may be associated with [MuddyWater](https://attack.mitre.org/groups/G0069).(Citation: Mandiant UNC3313 Feb 2022)(Citation: DHS CISA AA22-055A MuddyWater February 2022)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupMuddyWaterg0069100%live

References

  1. https://attack.mitre.org/software/S1037
  2. https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
  3. https://www.mandiant.com/resources/telegram-malware-iranian-espionage

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Small Sieve
Software
StrifeWater
Software
Mori
Software
Shark
Actor
MuddyWater
Software
Waterbear
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.